I am receiving the message below on the Internet firewall and losing connection, mostly on the upload side, like Outlook, Facebook, YouTube ...
6 9:38:45 106015 53142 173.252.112.23 443 Deny TCP (no connection) from 10.*.*.*/53142 to 173.252.112.23/443 flags RST on interface inside
I've tried the "sysopt connection timewait" command and still no success. Any idea?
Hey,
Please paste your running configuration.
Thanks
Vishaw
Actually, there is not much config on it.
Hello Tulgabat,
As you can see, the ASA is receiving a RESET packet from the inside client after the connection has been torn down.
My recommendations: Do captures on both interfaces of the ASA:
cap capin interface inside match tcp host inside_host_ip_address host outside_host_ip_address
cap capout interface outside match tcp host outside_nat_ip_address host outside_host_ip_address
Then attempt to connect and finally provide the following to us:
show cap capin
show cap capout
show logging | include x.x.x.x (Inside_host_IP address)
Hopefully you have logging enabled.
Check my blog at http://laguiadelnetworking.com for further information.
Cheers,
Julio Carvajal Segura
# sh cap capout
: 14:02:44.673091 202.131.225.97.6153 > 74.117.178.90.80: P 2135110166:2135111132(966) ack 650230300 win 16436
: 14:02:44.870438 74.117.178.90.80 > 202.131.225.97.6153: . ack 2135111132 win 13
: 14:02:44.874466 74.117.178.90.80 > 202.131.225.97.6153: P 650230300:650230647(347) ack 2135111132 win 13
: 14:48:39.055279 202.131.225.97.47817 > 74.117.178.90.80: F 2964315953:2964315953(0) ack 3956491086 win 16560
: 14:48:39.253648 74.117.178.90.80 > 202.131.225.97.47817: F 3956491086:3956491273(187) ack 2964315954 win 6
: 14:48:39.254747 202.131.225.97.47817 > 74.117.178.90.80: R 2964315954:2964315954(0) ack 3956491273 win 0
Hello,
Based on this, it seems the internal host is closing the connection:
28: 14:48:39.055279 202.131.225.197.47817 > 74.117.178.90.80: F 2964315953:2964315953(0) ack 3956491086 win 16560
29: 14:48:39.253648 74.117.178.90.80 > 202.131.225.197.47817: F 3956491086:3956491273(187) ack 2964315954 win 6
30: 14:48:39.254747 202.131.225.197.47817 > 74.117.178.90.80: R 2964315954:2964315954(0) ack 3956491273 win 0
TCP FIN packets are being negotiated to close the session, and afterwards the computer is sending a reset.
Check my blog at http://laguiadelnetworking.com and subscribe so you can get daily information about networking.
Cheers,
Julio Carvajal Segura
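The check done by eye in the reply above (both sides send FIN, then a late RST follows) can be scripted for longer captures. This is an added example, not part of the original thread: it assumes the "show capture" text format shown above, the function and variable names are hypothetical, and the second flow in the sample is constructed for contrast.

```python
import re

# One packet line of ASA "show capture" text output, as it appears in the thread.
LINE = re.compile(
    r"^\s*\d*:\s*(?P<ts>[\d:.]+)\s+"
    r"(?P<src>\d+(?:\.\d+){3}\.\d+) > (?P<dst>\d+(?:\.\d+){3}\.\d+): "
    r"(?P<flags>[SFPR.]+)\s"
)

# Lines 28-30 are the ones quoted in the thread; lines 31-32 are a
# constructed flow (documentation addresses) reset without any FIN.
SAMPLE = """\
28: 14:48:39.055279 202.131.225.197.47817 > 74.117.178.90.80: F 2964315953:2964315953(0) ack 3956491086 win 16560
29: 14:48:39.253648 74.117.178.90.80 > 202.131.225.197.47817: F 3956491086:3956491273(187) ack 2964315954 win 6
30: 14:48:39.254747 202.131.225.197.47817 > 74.117.178.90.80: R 2964315954:2964315954(0) ack 3956491273 win 0
31: 14:50:01.000000 10.0.0.5.50000 > 198.51.100.7.443: P 100:200(100) ack 500 win 16000
32: 14:50:01.100000 198.51.100.7.443 > 10.0.0.5.50000: R 500:500(0) ack 200 win 0
"""

def classify_resets(capture_text):
    """Return (timestamp, src, dst, verdict) for every RST in the capture.

    verdict is "after-close" when both endpoints of the flow had already
    sent a FIN before the RST, and "mid-connection" otherwise.
    """
    fin_seen = {}  # flow (pair of endpoints) -> endpoints that have sent FIN
    results = []
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip headers, blank lines, unparsed output
        src, dst, flags = m["src"], m["dst"], m["flags"]
        flow = frozenset((src, dst))
        fins = fin_seen.setdefault(flow, set())
        if "F" in flags:
            fins.add(src)
        if "R" in flags:
            verdict = "after-close" if fins == set(flow) else "mid-connection"
            results.append((m["ts"], src, dst, verdict))
    return results

if __name__ == "__main__":
    for ts, src, dst, verdict in classify_resets(SAMPLE):
        print(f"{ts} RST {src} > {dst}: {verdict}")
```

An "after-close" verdict matches the pattern in the reply above, a reset sent once the FIN exchange has already closed the session; "mid-connection" resets are the ones to look at more closely.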